17

I have two authenticate users in two ways:

  1. If they are an internal user we authenticate through Windows' active directory
  2. If they registered with the site they authenticate through Forms Authentication

In MVC 3/4 I was able to accomplish this by implementing a custom membership provider and custom role provider.

Is the same possible in MVC 5 using OWIN and Identity and how can it be done?

jamesSampica
  • 12,230
  • 3
  • 63
  • 85

1 Answers1

19

In essence a mixed mode is a forms authentication with a windows authentication entry point, once the user gets passed it, the normal forms authentication flow takes place.

Enabling Windows Authentication in Katana

Katana does not currently provide OWIN middleware for Windows Authentication, because this functionality is already available in the servers

So for windows authentication to work, I have to rely on one of the provided hosts, either IIS or Self-host (System.Net.HttpListener).

I made a solution that makes it look like an external provider, mapping windows identities as external logins.

Mixed Authentication

Source code : https://github.com/MohammadYounes/MVC5-MixedAuth

Community
  • 1
  • 1
MK.
  • 5,139
  • 1
  • 22
  • 36
  • Say I want the same login screen for both authentication forms. Can your solution be modified to combine them into a single action. As a related question, can `Identity` be done using database-first for external users? – jamesSampica Jan 13 '14 at 16:57
  • @Shoe I didn't get your point! The solution already have [one login screen](https://raw2.github.com/MohammadYounes/MVC5-MixedAuth/screens/screens/Login.PNG) for both (win+forms). but if you mean combining both to a single controller action? then yes it can be done, but for coding reasons I prefer keeping them separate. as for your last question, you just need to implement your own `UserManager` and `UserStore`. – MK. Jan 13 '14 at 17:33
  • I Understand. In DB-first how would `User` class inherit from `IdentityUser` like `ApplicationUser` does? – jamesSampica Jan 13 '14 at 18:09
  • @Shoe Its a matter of implementation, `IdentityUser` is just a base class, with clear mapping to DB tables. For a DB-first implementation all you need is just to implement a `UserStore`, it has a long list of interfaces, but you can start by looking at the EF implementation inside `Microsoft.AspNet.Identity.EntityFramework.dll`. – MK. Jan 13 '14 at 20:32
  • Can you please help me with this question:http://stackoverflow.com/questions/39275597/how-to-give-custom-implementation-of-updateasync-method-of-asp-net-identity – I Love Stackoverflow Sep 01 '16 at 15:31
  • @Learning Avoid using the UserStore directly and use the ApplicationUserManager instead. – MK. Sep 02 '16 at 17:12